A bug in Quicklook, found by Charlie Miller and Dion Blazakis, which allowed arbitrary code to be executed on viewing a maliciously crafted Microsoft Office file has been fixed. In Webkit, an integer overflow when handling nodesets, found by Vincenzo Iozzo, Willem Pinckaers, Ralf-Philipp Weinmann and others, and a use after free issue in the handling of text nodes, discovered by Vupen and Martin Barbella, were also fixed. These issues had been reported through Tipping Point's ZeroDay Initiative. Finally, a fix to a libxslt bug reported by the Google Chrome Security Team, stops maliciously crafted web sites attempting to bypass ASLR protection.

The update also fixes non-security bugs which caused blank or frozen video in Facetime and a problem which prevented some international users from connecting to 3G networks on the iPad. Apple has also released iOS 4.2.7 which offers the same security fixes for the Verizon CDMA version of the iPhone 4. Users can update their iOS-based mobile devices using the latest version of iTunes.